Exposures › CVE-2026-3502
TrueConf Client allows attackers to inject tampered update payloads without integrity checks, enabling arbitrary code execution.
This vulnerability permits attackers to substitute update payloads if they control the delivery path, leading to arbitrary code execution during the update process. DIB organizations must ensure update mechanisms enforce integrity verification to prevent unauthorized code execution and potential ransomware entry points.
Shame score — The vulnerability allows arbitrary code execution via tampered updates, a critical failure that could compromise client systems and violate FedRAMP security controls.
TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
No correlated FedRAMP products.